Re: EC-Counsil

["Don Parker" <hydra291 () hotmail com>]

Not to beat this topic to death again but my two cents worth are as follows;

You are far better off taking some time to learn how all of the tools work 
in your own home lab. This gives you the luxury of time to play with them, 
and will save you a bundle of money to boot. The security industry is 
already rife with certfication bodies, and all are not created equal. To be 
honest you would be best off going with an established cert such as the 
CISSP, or one of the GIAC ones for that matter. Cert recognition by the HR 
dept can be pivotal in your getting a job.

Also with most of these types of "learn how to hack" courses there is, or 
should be a healthy list of prerequisite skills ie: knowledge of certain 
tools, tcp/ip, programming concepts.... What some or most of these courses 
teach is how to formalize your approach to a pen-test. That can also be 
learned though a book vice paying a large sum of money to learn what I would 
consider the obvious.

To sum up what I would advise people to do is simply learn on your own. That 
is after all one of the greatest assets of the hacker is it not? Self 
motivation and tenacity coupled with curiousity will go a long way in 
helping you down the road to getting into the computer security field.

Cheers,

Don

------------------------------------------
Don Parker, GCIA
Intrusion Detection Specialist
1.613.302.2910(c)
------------------------------------------




> From: robert () dyadsecurity com
> To: pen test <pen-test () securityfocus com>
> Subject: Re: EC-Counsil
> Date: Tue, 24 Aug 2004 23:04:25 -0700
>
> Chris Griffin(cgriffin () dcmindiana com)@Tue, Aug 24, 2004 at 08:13:58AM 
> -0500:
> > I was looking to see if anyone had any exposure to ec counsil's CEH 
> course.
> > I have heard mixed views on the ec counsil, but nothing about their 
> courses.
>
> This thread about the CEH seems to come up every couple of months.  I often
> wonder if they pay people to keep bringing it up in this list :).
>
> Re-read the list archives.  If you look:
> http://archives.neohapsis.com/archives/sf/pentest/2003-11/0046.html <--
> actually has revisionist history. Intense School helped make the CEH after
> trying to teach an official ISECOM/OSSTMM class.
>
> http://cert.uni-stuttgart.de/archive/pen-test/2004/02/msg00047.html
> http://seclists.org/lists/pen-test/2003/Nov/0017.html
> http://seclists.org/lists/pen-test/2004/Feb/0030.html
> etc, etc, etc
>
> The CEH is not endorsed by ISECOM (http://www.isecom.org), nor is the
> curriculum consistent with the Rules of Engagement listed in the OSSTMM
> (http://www.osstmm.org), which is conflicting because they try to teach a 
> lot
> from the OSSTMM.
>
> If you want to see the other side of the house, check out ISESTORM -
> http://www.isestorm.org.  That is where you will find classes taught by 
> some
> of the authors of the OSSTMM, including Pete Herzog, the guy who started 
> the
> OSSTMM :).
>
> > My main concern is, learning quality stuff that I can put to use in a
> > security career.
>
> I have heard from many CEH students.  Some have said very good things about
> it.  Others have had less than kind things to say.  I think your experience
> with a CEH class will come down mostly to the instructor.  However, I will
> caution that if you put "Certified Ethical Hacker" on your cv, you will not
> be taken seriously at most Information Security professional services 
> shops.
>
> > As im sure everyone feels the same, I Dont want to drop my money on
> > something that looks good, but really isnt going to help build 
> knowledge.
>
> You'll get out of any class what you put into it.  If you go to the CEH, 
> you
> will learn something.  It's the same type of thing you'd also learn from 
> any
> of the other "hacker" classes.  If you want to learn to think and act like
> the Hollywood hacker, then any hacker class will do.  If you want to learn 
> to
> think and act like a security professional, then you'll want to go to a
> different class.
>
> > Does anyone know if this is quality stuff, or is there something out 
> there
> > better? (A major factor to me looking at this was, I can find a class 
> local
> > so I dont have to travel)
>
> If travel trumps knowledge, go local.  If knowledge trumps travel, seek out
> the best learning experience possible.
>
> Best of luck,
>
> Robert
>
> --
> Robert E. Lee
> CTO, Dyad Security, Inc.
> W - http://www.dyadsecurity.com
> E - robert () dyadsecurity com
> M - (949) 394-2033
>
> ------------------------------------------------------------------------------
> Practical and in-demand security skills professionals need in the 
> workplace.
>
> The second security storm from the vision and research of ISECOM:  ISESTORM 
> is
> the masters-level education for security auditors and penetration testers 
> from
> beginner to expert, security managers, CIO's, CISO's, and any professional
> required to work in information security or development efficiently,
> thoroughly and correctly.  ISECOM represents the global gold standard for
> security testing and auditing methodologies and analysis and ISESTORM is 
> sum
> of that experience.
>
> http://www.isestorm.org -- http://www.isecom.org -- http://www.opst.org
> -------------------------------------------------------------------------------
>
> ------------------------------------------------------------------------------
> Ethical Hacking at the InfoSec Institute. All of our class sizes are
> guaranteed to be 12 students or less to facilitate one-on-one interaction
> with one of our expert instructors. Check out our Advanced Hacking course,
> learn to write exploits and attack security infrastructure. Attend a course
> taught by an expert instructor with years of in-the-field pen testing
> experience in our state of the art hacking lab. Master the skills of an
> Ethical Hacker to better assess the security of your organization.
>
> http://www.infosecinstitute.com/courses/ethical_hacking_training.html
> -------------------------------------------------------------------------------

_________________________________________________________________
Don't just Search. Find! http://search.sympatico.msn.ca/default.aspx The new 
MSN Search! Check it out!


------------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. All of our class sizes are
guaranteed to be 12 students or less to facilitate one-on-one interaction
with one of our expert instructors. Check out our Advanced Hacking course,
learn to write exploits and attack security infrastructure. Attend a course
taught by an expert instructor with years of in-the-field pen testing
experience in our state of the art hacking lab. Master the skills of an
Ethical Hacker to better assess the security of your organization.

http://www.infosecinstitute.com/courses/ethical_hacking_training.html
-------------------------------------------------------------------------------